The Canadian agency responsible for protecting the nation’s critical infrastructure against cyberattacks has warned that hackers have tampered with online systems that control water, energy and farm facilities. “Hacktivists are increasingly exploiting internet-accessible ICS [industrial control system] devices to gain media attention, discredit organizations, and undermine Canada’s reputation,” an alert from the Canadian Centre for Cyber Security said.
The alert, sent to information security officers on October 29, 2025, says the Cyber Centre and the Royal Canadian Mounted Police have received multiple reports in recent weeks of incidents involving internet-accessible ICS devices. At a water facility, pressure valves were tampered with, degrading service in that area. At an oil and gas company, hackers interfered with an automated tank gauge, triggering false alarms. At a farm’s grain drying silo, temperature and humidity levels were manipulated, creating conditions that could have been dangerous if not caught in time. The alert did not say who might be behind the cyberattacks.
An ICS lets service providers, utilities or businesses remotely monitor processes and control devices. Operational technology systems connected to the internet or other computer networks are “attractive targets” to hackers focused on tampering with services, the center said in a July notice.
Paul Shaver, an expert in operational technology security at Mandiant, part of Google Cloud, said pro-Russia hackers often target internet-connected systems, especially those tied to critical infrastructure for water, energy and manufacturing. “Their primary initial access method often involves opportunistically exploiting unpatched, publicly known vulnerabilities in internet-facing devices, weak security configurations, or the use of default credentials,” Shaver said in a media statement. “This focus on readily accessible flaws — effectively the lowest-hanging fruit — underscores a critical point: robust security hygiene measures are the most effective defense.”
The Cyber Centre is a division of the Communications Security Establishment, Canada’s information technology security and signals intelligence agency. In its October 29 alert, the Cyber Centre said that while individual organizations or businesses in Canada may not be direct targets, they can become “victims of opportunity” for the hackers.
The Cyber Centre offered suggestions on how to counter the attacks: “Unclear division of roles and responsibilities often creates gaps leaving critical systems unprotected. Effective communication and collaboration are essential to ensuring safety and security. Provincial and territorial governments are encouraged to coordinate with municipalities and organizations within their jurisdictions to ensure all services are properly inventoried, documented, and protected.”
The alert said this was most important in sectors where government regulations do not cover cybersecurity, such as water, food and manufacturing. “Organizations are advised to conduct a comprehensive inventory of all internet-accessible ICS devices and assess their necessity,” the alert said. “Where possible, alternative solutions — such as Virtual Private Networks (VPNs) with two-factor authentication — should be implemented to avoid direct exposure to the internet.”